Acknowledged
Created: Jul 4, 2025
Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]wifi: ath9k_htc: Abort software beacon handling if disabled[EOL][EOL]A malicious USB device can send a WMI_SWBA_EVENTID event from an[EOL]ath9k_htc-managed device before beaconing has been enabled. This causes[EOL]a device-by-zero error in the driver, leading to either a crash or an[EOL]out of bounds read.[EOL][EOL]Prevent this by aborting the handling in ath9k_htc_swba() if beacons are[EOL]not enabled.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38157 (https://nvd.nist.gov/vuln/detail/CVE-2025-38157)